[Blink] Blink stores plain word passwords in its config file?
Dan Pascu
dan at ag-projects.com
Wed Nov 24 09:42:35 CET 2010
On 24 Nov 2010, at 00:41, Juha Heinanen wrote:
> Dan Pascu writes:
>
>> The conclusion is that either you use a desktop system you own and
>> you're your own root user so you trust yourself implicitly, or you
>> run
>> on a system owned by someone you trust. Otherwise there is no
>> protection against a root user that is willing and determined to read
>> your files or to know what you type on the keyboard.
>
> the conclusion is wrong.
I disagree.
> i can own my own system and it may get lost/stolen.
It will not matter if the password is encrypted or not. All it takes
is a print in the blink code after blink has decoded the encrypted
password. The only way to prevent this is if the password is not
stored but blink asks for it every time, so you need the actual owner
to input it before it will be known. But even this will not guarantee
you security, since someone may stole it while blink is already
running or may not stole your system at all, but he will just modify
the software to log the typed password to a file.
If you're that worried about it being stolen/lost, you should encrypt
your filesystem anyway, because I guess you have much more sensitive
information on it that a sip client password.
--
Dan
More information about the Blink
mailing list